Details of VAR-202011-1206

ID

VAR-202011-1206

CVE

CVE-2018-19950

TITLE

QNAP Music Station In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-016514

DESCRIPTION

If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. QNAP Music Station Has OS There are command injection vulnerabilities and command injection vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. QNAP Systems TS-870 is a NAS (Network Attached Storage) device of China QNAP Systems. The UserName of the Music Station that uses the file upload function of QNAP Systems TS-870 with firmware version 4.3.4.0486 has a command injection vulnerability

Trust: 2.25

sources: NVD: CVE-2018-19950 // JVNDB: JVNDB-2018-016514 // CNVD: CNVD-2020-62934 // VULMON: CVE-2018-19950

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-62934

AFFECTED PRODUCTS

vendor:	qnap	model:	music station	scope:	lt	version:	5.2.9	Trust: 1.0
vendor:	qnap	model:	music station	scope:	gte	version:	5.3.0	Trust: 1.0
vendor:	qnap	model:	music station	scope:	lt	version:	5.3.11	Trust: 1.0
vendor:	qnap	model:	music station	scope:	lt	version:	5.1.13	Trust: 1.0
vendor:	qnap	model:	music station	scope:	gte	version:	5.2.0	Trust: 1.0
vendor:	qnap	model:	music station	scope:	eq	version:	5.3.11	Trust: 0.8
vendor:	qnap	model:	music station	scope:	eq	version:	-	Trust: 0.8
vendor:	qnap	model:	music station	scope:	eq	version:	5.2.9	Trust: 0.8
vendor:	qnap	model:	music station	scope:	eq	version:	5.1.13	Trust: 0.8
vendor:	qnap	model:	systems ts-870	scope:	eq	version:	4.3.4.0486	Trust: 0.6

sources: CNVD: CNVD-2020-62934 // JVNDB: JVNDB-2018-016514 // NVD: CVE-2018-19950

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-19950
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-19950
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-62934
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201909-926
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2018-19950
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-19950
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-62934
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-19950
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-19950
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-62934 // VULMON: CVE-2018-19950 // JVNDB: JVNDB-2018-016514 // CNNVD: CNNVD-201909-926 // NVD: CVE-2018-19950

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	CWE-78	Trust: 1.0
problemtype:	Command injection (CWE-77) [NVD Evaluation ]	Trust: 0.8
problemtype:	OS Command injection (CWE-78) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2018-016514 // NVD: CVE-2018-19950

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-926

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201909-926

PATCH

title:

QSA-20-10

url:

https://www.qnap.com/en/security-advisory/qsa-20-10

Trust: 0.8

sources: JVNDB: JVNDB-2018-016514

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19950	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-016514	Trust: 0.8
db:	CNVD	id:	CNVD-2020-62934	Trust: 0.6
db:	CNNVD	id:	CNNVD-201909-926	Trust: 0.6
db:	VULMON	id:	CVE-2018-19950	Trust: 0.1

sources: CNVD: CNVD-2020-62934 // VULMON: CVE-2018-19950 // JVNDB: JVNDB-2018-016514 // CNNVD: CNNVD-201909-926 // NVD: CVE-2018-19950

REFERENCES

url:	https://www.qnap.com/en/security-advisory/qsa-20-10	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19950	Trust: 1.4
url:	https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/77.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-62934 // VULMON: CVE-2018-19950 // JVNDB: JVNDB-2018-016514 // CNNVD: CNNVD-201909-926 // NVD: CVE-2018-19950

CREDITS

Rick Ramgattie,Shaun Mirani, Joshua Meyer, and Ian Sindermann

Trust: 0.6

sources: CNNVD: CNNVD-201909-926

SOURCES

db:	CNVD	id:	CNVD-2020-62934
db:	VULMON	id:	CVE-2018-19950
db:	JVNDB	id:	JVNDB-2018-016514
db:	CNNVD	id:	CNNVD-201909-926
db:	NVD	id:	CVE-2018-19950

LAST UPDATE DATE

2024-11-23T23:01:11.826000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-62934	date:	2020-11-13T00:00:00
db:	VULMON	id:	CVE-2018-19950	date:	2020-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-016514	date:	2021-05-31T07:26:00
db:	CNNVD	id:	CNNVD-201909-926	date:	2020-11-04T00:00:00
db:	NVD	id:	CVE-2018-19950	date:	2024-11-21T03:58:52.370

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-62934	date:	2020-11-13T00:00:00
db:	VULMON	id:	CVE-2018-19950	date:	2020-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-016514	date:	2021-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201909-926	date:	2019-09-16T00:00:00
db:	NVD	id:	CVE-2018-19950	date:	2020-11-02T16:15:13.020